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CLAIMS 

1. A service provider system with a first subsystem (1) comprising: 
means for providing activation tokens (6, 7, 8) to be transmitted to at least one 

5 customer with a second subsystem (2) for receiving said activation tokens, 

said means for providing activation tokens (6, 7, 8) including means for providing 
activation information (7) and means for naming of system characteristics in machine 
readable and filterable manner (6), 

wherein the relevance of said activation information to said second subsystem (2) can 
10 be determined by checking whether said second subsystem (2) has characteristics 
corresponding to said naming of said activation token. 

2. Service provider system as claimed in claim 1 r wherein said means for providing 
activation tokens (6, 7, 8) include cryptographic means (8) for encrypting the activation 

15 tokens and signing means for producing a verification information like a signature, to be 
verified by said second subsystem (2) of said customer. 

3. A customer system with a second subsystem (2) for receiving activation tokens 
provided by a service provider with a first subsystem (1), said activation tokens 

20 including activation information and naming of system characteristics in machine 
readable and filterable manner, 
said second subsystem (2) comprising: 

receiving means (11) for controlling said receiving of said activation tokens, 
checking means (12) for automatically determining whether said activation information 
25 is relevant for said second subsystem (2) by checking whether said second subsystem 
(2) has characteristics corresponding to said naming of an activation token, and 
transforming means (13) for transforming relevant activation information into at least 
one activation measure for said second subsystem (2). 

30 4, Customer system as claimed in claim 3, wherein said receiving means (1 1) 

include cryptographic means for verifying said service provider as being the provider of 
said activation token and/or admitting means for controlling whether said service 
provider is legitimated to send activation tokens to said customer. 
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5, Customer system as claimed in claim 3, wherein said transforming means (13) 
include at least one set of filter parameters to enable transforming of said relevant acti- 
vation information into at least one acceptable activation measure. 

5 6. Customer system as claimed in claim 3, wherein said second subsystem (2) 
includes implementation means (14) for implementing at least one activation measure, 
and/or wherein said second subsystem (2) is a webserver. 

7. Customer system as claimed in claim 6, wherein said implementation means 
10 (14) include at least one reporting means for reporting implemented activation 
measures. 

m 8. Customer system as claimed in claim 3, wherein said checking means (12) is 

|U checking whether said second subsystem (2) has a version, platform and/or a 

m 15 configuration corresponding to said naming of an activation token, 

9. Customer system as claimed in claim 3, wherein said receiving means (1 1), 
checking means (12) and transforming means (13) of said second subsystem (2) are 

llll part of an apoptosis system realized by at least one means out of the group of a 

Jj? 20 daemon, a kerne! module, an inittab, an inetd, tcp-wrapper, a rpcbind, a resource 

ll manager, a network management, like Tivoli or HP Openview, and a hardware device. 

10. A system for supplying activation information to a subsystem, said system 
comprising: 

25 a service provider with a first subsystem (1) for providing activation tokens and 

at least one customer with a second subsystem (2) for receiving said activation tokens, 
said activation tokens including activation information and naming of system character- 
istics in machine readable and filterable manner, 
wherein said second subsystem (2) comprises 

30 receiving means (11) for controlling said receiving of said activation tokens, 

checking means (12) for automatically determining whether said activation information 
is relevant for said second subsystem (2) by checking whether said second subsystem 
(2) has characteristics corresponding to said naming of an activation token, and 
transforming means (13) for transforming relevant activation information into at least 

35 one activation measure for said second subsystem (2). 
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11. System as claimed in claim 10, wherein said receiving means (11) include 
cryptographic means for verifying said service provider as being the provider of said 
activation token, and/or wherein said receiving means (11) include admitting means for 

5 controlling whether said service provider is legitimated to send activation tokens to said 
customer. 

12. System as claimed in claim 10, wherein said transforming means (13) include at 
least one set of filter parameters to enable transforming of said relevant activation 

10 information into at least one acceptable activation measure. 

13. System as claimed in claim 10, wherein said second subsystem (2) includes 

0 implementation means (14) for implementing at least one activation measure. 

Z 15 14. System as claimed in claim 13, wherein said implementation means (14) include 
?0 at least one reporting means for reporting implemented activation measures. 

z| 15. System as claimed in claim 10, wherein said naming includes the specification of 

^ a version, platform and a configuration corresponding to said second subsystem (2). 

1 16. System as claimed in claim 10, wherein said receiving means (11), checking 
means (12) and transforming (13) means of said second subsystem (2) are part of an 
apoptosis system realized by at least one means out of the group of a daemon, a 
kernel module, an inittab, an inetd, tcp-wrapper, a rpcbind, a resource manager, a 

25 network management, like Tivoli or HP Openview, and a hardware device. 

17. System as claimed in claim 13, wherein said system is reducing the vulnerability 
of said second subsystem (2) by automatically implementing activation measures at 
said second subsystem (2). 

30 

18. A method for providing activation information by a service provider with a first 
subsystem (1) to a customer with a second subsystem (2) comprising the step of: 
providing activation tokens by said service provider, wherein said activation tokens 
include readable activation information and naming of corresponding system character- 

35 istics in machine readable and filterable manner. 
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19. Method as claimed in claim 18, wherein said step of providing activation tokens 
includes a cryptographic step for encrypting the activation tokens and/or a signing step 
for producing a verification information like a signature, to be verified by said second 

5 subsystem (2) of said customer. 

20. Method as claimed in claim 18, wherein the step of providing activation tokens 
further comprises 

the step of naming by specifying a version, platform and a configuration and/or 
10 the step of structuring activation information. 

21. A method for using activation information by a customer with a second 
subsystem (2), said activation information being provided by service provider with a first 
subsystem (1) in the form of activation tokens including said activation information and 

15 naming of corresponding system characteristics in machine readable and filterable 
manner, said method comprising the steps of: 
receiving said activation tokens by said second subsystem (2), 

automatically determining whether said activation information is relevant for the second 
subsystem (2) by automatically checking by said second subsystem (2) whether said 
20 second subsystem (2) has characteristics corresponding to said naming of an activation 
token, and 

transforming relevant activation information into at least one activation measure for said 
second subsystem (2). 

25 22. Method as claimed in claim 21 , further comprising the step of verifying at said 
second subsystem (2) whether said activation token is provided by said service provider 
and/or whether said service provider is legitimated to send activation tokens to said 
customer. 

30 23. Method as claimed in claim 21, wherein said transforming includes filtering of 
said activation information by at least one set of filter parameters to get at least one 
acceptable activation measure. 



35 
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24. Method as claimed in claim 21, further comprising the step(s) of 
implementing at least one activation measure and/or 

reporting implemented activation measures. 

25. Method as claimed in claim 21, wherein said checking by said second 
subsystem (2) includes checking whether said second subsystem (2) has a version, 
platform and/or a configuration corresponding to said naming of an activation token. 

26. Method as claimed in claim 21, further comprising a step of automatically imple- 
menting at least one activation measure at said second subsystem (2). 

27. Method as claimed in claim 26, wherein the step of automatically implementing 
at least one activation measure leads to a reduction of vulnerability of said second 
subsystem (2) and/or enables a shutdown of a service of said second subsystem (2). 

28. A computer program comprising program code means for performing the 
method of any one of the claims 18 to 27 when said program is run on a computer. 

29. A computer program product comprising program code means stored on a 
computer readable medium for performing the method of any one of the claims 18 to 27 
when said program product is run on a computer. 



